update of cURL to the current version. Upstream changelog:

Changes:
--------

darwinssl: add TLS session resumption
darwinssl: add TLS crypto authentication
imap/pop3/smtp: Added support for ;auth= in the URL
imap/pop3/smtp: Added support for ;auth= to CURLOPT_USERPWD
usercertinmem.c: add example showing user cert in memory
url: Added smtp and pop3 hostnames to the protocol detection list
imap/pop3/smtp: Added support for enabling the SASL initial response
curl -E: allow to use ':' in certificate nicknames

Bugfixes:
---------

SECURITY VULNERABILITY: curl_easy_unescape() may parse data beyond
    the end of the input buffer [26]
FTP: access files in root dir correctly
configure: try pthread_create without -lpthread
FTP: handle a 230 welcome response
curl-config: don't output static libs when they are disabled
CURL_CHECK_CA_BUNDLE: don't check for paths when cross-compiling
Various documentation updates
getinfo.c: reset timecond when clearing session-info variables
FILE: prevent an artificial timeout event due to stale speed-check data
ftp_state_pasv_resp: connect through proxy also when set by env
sshserver: disable StrictHostKeyChecking
ftpserver: Fixed imap logout confirmation data
curl_easy_init: use less mallocs
smtp: Fixed unknown percentage complete in progress bar
smtp: Fixed sending of double CRLF caused by first in EOB
bindlocal: move brace out of #ifdef
winssl: Fixed invalid memory access during SSL shutdown
OS X framework: fix invalid symbolic link
OpenSSL: allow empty server certificate subject
axtls: prevent memleaks on SSL handshake failures
cookies: only consider full path matches
Revert win32 MemoryTracking: wcsdup() _wcsdup() and _tcsdup()
Curl_cookie_add: handle IPv6 hosts
ossl_send: SSL_write() returning 0 is an error too
ossl_recv: SSL_read() returning 0 is an error too
Digest auth: escape user names with backslash or " in them
curl_formadd.3: fixed wrong "end-marker" syntax
libcurl-tutorial.3: fix incorrect backslash
curl_multi_wait: reduce timeout if the multi handle wants to
tests/Makefile: typo in the perlcheck target
axtls: honor disabled VERIFYHOST
OpenSSL: avoid double free in the PKCS12 certificate code
multi_socket: reduce timeout inaccuracy margin
digest: support auth-int for empty entity body
axtls: now done non-blocking
lib1900: use tutil_tvnow instead of gettimeofday
curl_easy_perform: avoid busy-looping
CURLOPT_COOKIELIST: take cookie share lock
multi_socket: react on socket close immediately

6 files changed, 19 insertions, 35 deletions

diff --git a/www/curl/Makefile b/www/curl/Makefile
index 53b76606748..9f5a8eee4b4 100644
--- a/www/curl/Makefile
+++ b/www/curl/Makefile
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.129 2013/06/29 12:08:50 drochner Exp $
+# $NetBSD: Makefile,v 1.130 2013/06/29 19:24:57 spz Exp $
 
-DISTNAME=	curl-7.30.0
-PKGREVISION=	2
+DISTNAME=	curl-7.31.0
 CATEGORIES=	www
 MASTER_SITES=	http://curl.haxx.se/download/ \
 		ftp://ftp.sunet.se/pub/www/utilities/curl/
diff --git a/www/curl/PLIST b/www/curl/PLIST
index da76be3545e..5b154e9cd17 100644
--- a/www/curl/PLIST
+++ b/www/curl/PLIST
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.39 2013/04/14 16:39:48 wiz Exp $
+@comment $NetBSD: PLIST,v 1.40 2013/06/29 19:24:57 spz Exp $
 bin/curl
 bin/curl-config
 include/curl/curl.h
@@ -136,3 +136,5 @@ share/examples/curl/smtp-tls.c
 share/examples/curl/synctime.c
 share/examples/curl/threaded-ssl.c
 share/examples/curl/url2file.c
+share/examples/curl/usercertinmem.c
+share/examples/curl/xmlstream.c
diff --git a/www/curl/distinfo b/www/curl/distinfo
index c7e6b3a98a9..8458ce8d710 100644
--- a/www/curl/distinfo
+++ b/www/curl/distinfo
@@ -1,8 +1,7 @@
-$NetBSD: distinfo,v 1.86 2013/06/29 12:08:50 drochner Exp $
+$NetBSD: distinfo,v 1.87 2013/06/29 19:24:57 spz Exp $
 
-SHA1 (curl-7.30.0.tar.bz2) = 23fdc215558023b943cea9dfab04b86020037b0d
-RMD160 (curl-7.30.0.tar.bz2) = 858e772c17fc05d7114856f09fc34e696f1ef595
-Size (curl-7.30.0.tar.bz2) = 2625976 bytes
-SHA1 (patch-CVE-2013-2174) = 30b9f66fbc1112ba1dc361002768a0597ac1456b
-SHA1 (patch-aa) = 07e12cd0576b87cfed74a6a2bf8dd42cb2f5a570
-SHA1 (patch-curl-config.in) = c685dd4fd85fc9d97c6e6ff8dbf871c35dd57046
+SHA1 (curl-7.31.0.tar.bz2) = 9333b1fc63ded189b6014afe7bb415fa1f22ae10
+RMD160 (curl-7.31.0.tar.bz2) = e8fac9e4a80a20c3cef79615286722183abfd335
+Size (curl-7.31.0.tar.bz2) = 2679209 bytes
+SHA1 (patch-aa) = 349ce5314d05a35d3af36f424234937f5ef8fcfb
+SHA1 (patch-curl-config.in) = 0dd49de806865c19fbf766ad208f8f2495824442
diff --git a/www/curl/patches/patch-CVE-2013-2174 b/www/curl/patches/patch-CVE-2013-2174
deleted file mode 100644
index 8a5ea0f664b..00000000000
--- a/www/curl/patches/patch-CVE-2013-2174
+++ /dev/null
@@ -1,16 +0,0 @@
-$NetBSD: patch-CVE-2013-2174,v 1.1 2013/06/29 12:08:50 drochner Exp $
-
-see http://curl.haxx.se/docs/adv_20130622.html
-
---- lib/escape.c.orig	2013-01-16 22:05:56.000000000 +0000
-+++ lib/escape.c
-@@ -159,7 +159,8 @@ CURLcode Curl_urldecode(struct SessionHa
- 
-   while(--alloc > 0) {
-     in = *string;
--    if(('%' == in) && ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
-+    if(('%' == in) && (alloc > 2) &&
-+       ISXDIGIT(string[1]) && ISXDIGIT(string[2])) {
-       /* this is two hexadecimal digits following a '%' */
-       char hexstr[3];
-       char *ptr;
diff --git a/www/curl/patches/patch-aa b/www/curl/patches/patch-aa
index a9978a693d6..e1000f1c15c 100644
--- a/www/curl/patches/patch-aa
+++ b/www/curl/patches/patch-aa
@@ -1,8 +1,8 @@
-$NetBSD: patch-aa,v 1.21 2013/02/11 12:20:44 wiz Exp $
+$NetBSD: patch-aa,v 1.22 2013/06/29 19:24:57 spz Exp $
 
---- configure.orig	2013-02-06 09:47:26.000000000 +0000
+--- configure.orig	2013-06-21 22:29:35.000000000 +0000
 +++ configure
-@@ -3635,6 +3635,7 @@ $as_echo "$as_me: $xc_bad_var_msg librar
+@@ -3646,6 +3646,7 @@ $as_echo "$as_me: $xc_bad_var_msg librar
          ;;
      esac
    done
@@ -10,7 +10,7 @@ $NetBSD: patch-aa,v 1.21 2013/02/11 12:20:44 wiz Exp $
    if test $xc_bad_var_cflags = yes; then
      { $as_echo "$as_me:${as_lineno-$LINENO}: using CFLAGS: $CFLAGS" >&5
  $as_echo "$as_me: using CFLAGS: $CFLAGS" >&6;}
-@@ -16373,7 +16374,7 @@ squeeze() {
+@@ -16634,7 +16635,7 @@ squeeze() {
  
  
        #
@@ -19,7 +19,7 @@ $NetBSD: patch-aa,v 1.21 2013/02/11 12:20:44 wiz Exp $
      #
      if test "$compiler_id" = "GNU_C" ||
        test "$compiler_id" = "CLANG"; then
-@@ -21261,15 +21262,15 @@ $as_echo "#define HAVE_GSSAPI 1" >>confd
+@@ -21496,15 +21497,15 @@ $as_echo "#define HAVE_GSSAPI 1" >>confd
             LIBS="$gss_libs $LIBS"
          elif test "$GSSAPI_ROOT" != "yes"; then
             LDFLAGS="$LDFLAGS -L$GSSAPI_ROOT/lib$libsuff"
@@ -38,7 +38,7 @@ $NetBSD: patch-aa,v 1.21 2013/02/11 12:20:44 wiz Exp $
    fi
  else
    CPPFLAGS="$save_CPPFLAGS"
-@@ -24833,19 +24834,19 @@ $as_echo "$as_me: WARNING: You need an l
+@@ -25070,19 +25071,19 @@ $as_echo "$as_me: WARNING: You need an l
  $as_echo "yes" >&6; }
          if test "x$OPENSSL_ENABLED" = "x1"; then
            versioned_symbols_flavour="OPENSSL_"
diff --git a/www/curl/patches/patch-curl-config.in b/www/curl/patches/patch-curl-config.in
index 085dc0b7938..e7712e879a7 100644
--- a/www/curl/patches/patch-curl-config.in
+++ b/www/curl/patches/patch-curl-config.in
@@ -1,8 +1,8 @@
-$NetBSD: patch-curl-config.in,v 1.2 2013/04/14 16:39:49 wiz Exp $
+$NetBSD: patch-curl-config.in,v 1.3 2013/06/29 19:24:57 spz Exp $
 
 - make "curl-config --libs" return proper ldflags for shared libraries
 
---- curl-config.in.orig	2013-02-06 14:44:37.000000000 +0000
+--- curl-config.in.orig	2013-06-21 22:29:04.000000000 +0000
 +++ curl-config.in
 @@ -148,9 +148,9 @@ while test $# -gt 0; do
             CURLLIBDIR=""